I am taking a chance here by discussing a topic such as this, and in particular taking the stance that I am taking. So, with that in mind, let’s just get down to business.

As is usually the case with these sorts of things, we’ll start off with a disclaimer or two. Most importantly you must realize that these are my opinions and observations, and some of them might be wrong. Please feel free to let me know if you disagree with anything I say. Keep in mind also that I am not saying that rooting your device does not have its benefits, but rather that one must be careful. Now that that is out of the way…

So, you just got your fancy new G1 or MyTouch 3G (or whatever other device you happened to get) and you’ve been reading about all of the cool things that you can do with it… but there is a catch. You have to “root” your device in order to do these cool things. So, of course, you hop online, find a tutorial (or even better, the so-called “1-Click Root” method) and proceed to root your device. To your surprise, it has been made so easy by now that it worked perfectly on the first try. Congratulations.

Now, in a perfect world, every user who has gone through this process knows exactly what they are doing and, even more importantly, how to keep their device and the information within and connected to it safe afterward.

But the reality is we don’t live in a perfect world and I see new Android users every day who choose to root first and ask questions later. That is, they decide that they want or need to root their device before truly knowing what that entails.

However, I can’t really put all of the blame on the users at this point because I know that there are a lot of (really great) tutorials out there for rooting, and I know that not all of them put enough emphasis on the seriousness of it all. Some flat out fail to make it clear that you are compromising the security of your device when you root it. It is as if they make assumptions about the technical level of the reader, and we all know what happens when you assume.

Accordingly, it always concerns me when rooting guides are placed right alongside beginner tutorials. To the reader, this implies that rooting is a beginner process, and that all beginners should do it. To that I would have to disagree. In fact, there are some users that simply should not do it.

To fully explain why I think not all users should root I have to jump out of the “root” discussion for a while, but I hope it will help to make my point.

How many times have you been perusing the Android Market and seen an application or game that you wanted to download? Countless, right?

How many times have you gone to download that application or game, been presented with a list of requested permissions, and seen things like Full Internet, GPS Location, Read Contacts, etc… Do you ever think “Hmm, why would a game like Asteroids or “Insert Game Name Here” require access to these things?” Do you ever install anyway? Don’t be afraid to say yes… I have done it too.

The fact is the majority of users simply don’t pay enough attention to the permissions requested by Android applications.

The fact that the Market tells us what types of things a given application wants to do is totally awesome, but it isn’t enough. Unless the user takes this information and makes an informed decision, there is little point to this security measure. As soon as you grant these rights to an application, there is little you can do to stop them taking all of your Contacts information (for example) sending it up to their server and doing with it what they please. I am sure that your mother wouldn’t appreciate whatever repercussions this might have (spam, telemarketing calls, junk mail, etc…).

And take for example another type of app. The kind that may have the best of intentions, but the worst of implementations. Believe it or not, developers do make mistakes. Sometimes a developer chooses to use a protocol that they think is secure but isn’t. Or maybe they choose to use a single sign on for all users, and then leave in the debugging code that prints that sign-on information to the console. Suppose also that this well-meaning application also offers an option to remotely wipe your phone. What happens when someone figures out how to spoof information (they probably already have) and send it to the server and invoke a wipe of your data without you knowing it?

Basically, what I am saying is that even non-root applications can be harmful to the overly trusting user. With that being said, we’ll head back to the discussion of root access for applications.

So, with root-enabled Android applications we see all of the same potential for misuse that we see in regular Android applications and then add on a whole new level of potential. Why? Because root access circumvents the security restrictions that are put in place by the Android OS and there is not really any effective way to tell just what the application intends to do with that power.

Sure, most (if not all) modified firmware releases include the Super User application by Koushik Dutta, or a variant of it, but is that enough? Similarly to the user account control message in Windows or other similar programs in other operation systems, this app only tells when an application requests Super User access. It does not (can not?) tell us what the application intends to do with that access.

How many times have we (yes, I have done it too) granted “Always Allow” access to an application without fully knowing exactly what the app was going to do? How can we tell exactly? Most of us can’t, so we rely on what other users tell us, or we trust the developer. But, of course, that is not always reliable.

In many cases, but not all, these applications are open source so we can look at the source code to assess the risk. Then again, with an open source application, there is a greater possibility of coming across a modified version. Even if you only allow access once, your phone could be ruined.

But what exactly might a malicious root application do? Basically anything. In a little brainstorming session with a friend we came up with a wide variety of evil things that a root-enabled application could do.

replace the Gmail application with a modified version

replace your keyboard with a version that logs keystrokes

delete files such as applications or application data

download and attempt to install a different modified ROM

download and install another application that wakes up nightly to call toll-numbers

gain access to your Market account and make purchases on your behalf

and the list goes on…

Luckily, we haven’t yet seen anything like these. Hopefully, we never will.

If you are now thinking, “Man, that stuff is scary…” then I am already starting to feel better. It is the user, who recognizes the potential misuse and keeps it in mind when using these applications, that will be better able to protect their device and information.

Do your research. Learn about an application and the developer before trusting them. As a precaution, don’t use “Always Allow” in the Super User application, though that will not protect you against a one-time attack.

Ideally, we wouldn’t have a need to “root” our devices for some of the things that we are rooting for.

Case in point, I’d guess that a large portion of users root because they want to apply a theme. If Android were to natively support themeing, that might reduce the number of people rooting. Some people are rooting because there are optimizations added to make the phone run faster. Perhaps some of those optimizations could be contributed to the Android Open Source Project and included in official builds. In the case of the G1, where storage is extremely limited, we are rooting so we can store apps on the SD Card, or so that we can continue to receive updates to the OS.

In the effort of full disclosure, I have two Android devices, a T-Mobile G1 and a Google Ion ( HTC Magic), and both of them are rooted. I rooted my G1 when I first got it so that I could install applications to my SD Card. I will not claim to have known exactly what I was doing at that time and I am pretty sure that I don’t now. For months I used my Ion without rooting, and only did recently to try out the “1-Click Root” method. Otherwise, I’d be pretty happy plodding along without root on my phone.

I am sure that there are a few readers who might be wondering what brought on this post? To be honest, it really comes down to an observation that a lot of new Android users have the impression that in order for your Android device to be “functional” it must have root. And while I wouldn’t normally see that as a problem, we are beginning to see more users who don’t fully understand the whole root concept and as Android continues to gain momentum, the likelihood of an attack grows.

Most Tweeted This Week

http://AndroidandMe.com Ryan Mills

I will have to agree fully!

The only thing you can preach about when you root is to be educated. I think AndroidandMe is doing a good service by letting members/users read this to let them know what to keep their eye on. One application you can download off the market is aSpotCat, it will tell you want permissions apps want and use.

The only thing I could argue is that all apps have the potential to break down your device and make it do things it shouldn’t. The Android community is quick to point it out though… so if there is a malicious app out there it would get shut down quicker than later.

Good read, I hope more Droidheads take the time to read it.

http://forums.t-mobile.com Will R.

Great read! You make some excellent points and I agree these things should be communicated more widely. Root isn’t just for the ‘advanced user’ anymore and I fully agree that the novice needs to be better informed. I’ll take this back to our community as encouaged reading.
Thanks for putting these thoughts together!

Tom

Being one of the new Android users that Justin mentioned (my phone hasn’t even arrived yet) I think the post is perfectly timed.

While it’s not going to stop me, or even slow me down, from rooting my phone right away, it did make me actively aware that things could kill my new toy – and just like running a Windows machine in Admin you need to be careful what you pull down and install.

I did however follow the link to Koushik Duttas blog and download the SuperUser zip – and I’ll be following up with Ryans tip about aSpotCat once I have my phone setup.

Thank you to both of you.

Eric H.

This is a great article and should be posted to the XDA forums and stickied. I almost wish that this would be a mandatory read for first time rooters before they went through with it. Maybe the maker of the 1-click root software could incorporate something like this into the application and then quiz the user on the content of the above message before allowing them to root.

In my opinion the only app that you should ever grant ‘always allow’ would be terminal and that doesn’t even need to be done as it only adds about 1 second of time to click confirm SU access. Certainly the only app that I ever granted SU always allow to is terminal app as I use it quite often.

Tom

As a follow-up… I plan on using the stable builds of Cyanogen system – does anyone one know if that has SU built into it?

http://www.nexsoftware.net Justin Shapcott

Yes, all Cyanogen builds include the SU Application.

Tom

Ahh… sweet. I kinda figured they would… thanks for clearing it up tho. Now I don’t need to worry about tinkering with the zip I pulled down from Koushiks site.

Keep up the good work Justin & Taylor… and everyone else at A&M. You’ve made a longtime reader out of me.

http://AndroidandMe.com Ryan Mills

Please feel free to come into the AAM Forums too :)

Happy to have ya!

Tom

I’m sure I’ll be sucking up all sorts of knowledge from the boards in the next few days.

I just got back to the office from going home for lunch – had a nice surprise when I got home tho… my phone showed up a day early. It’s sitting on the hutch charging now for playtime tonight. :)

Ethan Christie

Hey is this all right if I may post this to my website, and yes, with putting your name by it and saying everything is by you? My website is Afaa Games and I find sites and things for other’s needs or things people might not of known existed. If not, can I atleast just make a link to this site?

http://news.netapex.org NetApex

Very good article. I am coming from the world of Windows Mobile where after unlocking the phone you can load a ROM with a few simple button clicks on the computer. With everyone and their brother creating a ROM for people to try out, it has become second nature to just load one up, load up everything you normally use on your phone (email, contacts, visit banking websites) and never once consider the fact that you know nothing about the person who created that ROM or what “else” may be there. At least with Android you have the opportunity to look at the code (but seriously, how many of us have the time, desire, or knowledge to do so?) This is a great reminder to keep diligent and think before you click.

Carrozza

Interesting article, good points.

Simon

Nice piece… couple of key observations (as I see it), as a non-developer user;

1) Rooting allows themes and Wi-Fi Tehtering.
(most, if not all mobile networks don’t allow – but as long as you don’t use it to download GBs of data, then you’ll be fine – IMO).

2) Checking the permissions of all Apps.
All Apps in the market can do most of the negative things mentioned (e.g. copying contacts), but most scams will be reported on the various Android websites/general news pretty rapidly.

3) Only allow Super User access for Apps you trust.
Ensuring that you only allow Super User to programs you trust will see you right (e.g. I only allow Wi-Fi tether and CM Updater – for themes and ROMS updates). Thus avoiding all of the really nasty password access /phone call stuff.

ArI

Nag, Nag, Nag… I never read these posts and never read the permission requests. I also do not read licence agreements or user manuals.

But i do get angy when things go wrong. They should have worned me for that!!! :-P

nick

Thanks for the post. I’ve had my phone rooted for a couple months now and will admit that I didn’t (and still don’t) realize some of these security implications. I’m also not really sure what apps I’ve granted the “always allow” access. Can anyone give suggestions on how to locate that and change the permissions?

http://www.nexsoftware.net Justin Shapcott

Open the Superuser Application… It will list the applications (unfortunately, only by id) to which you have granted “Always Allow” access. Press each entry to remove the permission.

Dharmabhum

Does this mean that, when I open Superuser and there’s nothing but a blank black screen under “Superuser Permissions”, that I haven’t granted any superuser access? No input does anything besides backing out of the Superuser app, as the menu key does nothing and other buttons just back out of the app. Thanks for the help!

Jen Beedie

While I agree with many of your points, I can honestly tell you my G1 is worthless without root. That being said you need to be smart about it. Rooted or not you should NEVER download an app that asks for a suspicious permissions. Just as you should NEVER root a phone without learning what you are doing and why. Don’t let your wants get in the way of common sense.

http://www.nexsoftware.net Justin Shapcott

Jen: The G1 is an interesting case… As a first device, they got a lot of stuff wrong. I certainly don’t disagree with your assessment. The G1 becomes very crippled very quickly due to the hardware decisions that were made by HTC. For many (most?) users, rooting a G1 becomes a necessity because of this.

WC

The expression is “Case in point” not “Case and point.” ;)

http://www.nexsoftware.net Justin Shapcott

Thanks… :) Will keep in mind for next time.

http://www.droidzine.com DroidZine

First of all, I completely agree with the article. That being said, I must add that IMHO common users are overexposed to rooting. Basically, users do not pay enough attention to potential misdemeanor of freely available apps. When rooting, main question in people’s head is NOT to brick the phone, data security is not even on their minds.

Almost every website dedicated to Android has some kind of rooting information, tutorials, and/or news. I’m not saying that it’s bad. But when You take in to the account the “basic” users, it’s logical to assume that they will probably WANT to root their device, regardless if they really NEED it or not. Hype about the rooting is just enough as a cause. With appearance of one-click-root apps the process has been stripped down to it’s simplest and almost anyone knowing how to click can root their device.

It seems to me that Android’s security system is solid one, but depends on user itself to make informed decision on what applications to install and what not to. Not paying the attention to the security notification when installing an app is just ignorant. If You want a password storage/encryption app, and it requires Internet connection, shouldn’t You think twice? On the other hand if anti-virus warning pop’s up on Your’ PC’s desktop, do You ignore it or read what it says?

It all boils down to the fact that rooting does have advantages but users themselves MUST think really hard should they root their device, just like installing any other application/game from the market. And to conclude (I’ll probably sound like some manufacturer’s PR) – but if it was (amongst other things) SAFE to have all the devices rooted initially – wouldn’t they be?

I’m not sure about this next one – but as from what I’ve read, every Android app runs in it’s own ‘sandbox’ thus effectively disallowing other apps to access it’s data, except if app ‘publishes’ it through public providers. Doesn’t rooting allow all applications to have root (superuser) access thus killing off the app sandboxing and whole security system which is in place?

jasonlee

Great read, everyone should be aware of this (especialy those who follow the root directions posted to ur site a while back lol) neways, ive always used cyanogen for the ease of use to constantly flash his newest build and have never once had a single problem even on experimentals. Thats my only advise, stick with him and u should be ok.

Laurie

I am just an average android os lover; and this article was an excellent read. When I first got my g1, I did think about going the root way (all the hipe on androidcommunity), but thought better, and didn’t. I really appreciate this site – great info.

http://simplyblog.net Miguel

Impressive, I agree. Excellent advice. I asked questions, put in the reading and research, watched videos, asked more questions plus more before doing so. :)

JERRY

Why doesnt’ Google allow Theming .. Maemo has it right out of the box.. and if the OS is supposed to be so flexible… why restrict theming.. .. that is very Apple-Like

http://thisandroidlife.blogspot.com Merago

An excellent article. I’m definitely a bit of a control freak/tinkerer when it comes to my gadgets, but I’ve held off on rooting my Hero so far. In truth, I was considering rooting (and I suspect I will end up doing so at some point) but this article has convinced me to continue holding off. I guess right now, it’s working fine for me and I’ve no need to squeeze any extra performance out of it, nor do I need root access for anything I require of the phone yet. If/when that time comes, I’ll re-visit the possibility of rooting.

Tom

I do have to laugh tho that one of the ads I just saw on this page is for a Free Unlocked G1 – one of those “complete the offer” things.

http://www.andriodtapp.com AndroidTapp.com

Great article Justin! I have to agree with most points. I actually have not rooted because of the consumer demand of my website, plus limited time to do it, lastly security has always been a concern. I have been doing research lately about permissions app request was going to sum up a piece like this but from the average consumer who don’t know or care about rooting. (Basically the pros and cons of rooting).

http://androidpt.com Luis Sismeiro

I agree with do and I hope more people read this article. I will put a link on the portuguese community site and eventually peak the theme and do one of my one. Thanks.

jeremy

I agree with some the comments about the hype and commercialization of rooting android being a problem for under educated users. I personally rooted my g1 cause 1 I like to customize, also if I buy a $400 phone I better be able to do what I want with it and not be restricted, I also wanted the tethering cause travling and needing the internet randomly is a necessity for me and I’m not about pay an extra $80 for a mifi device when I’m paying for unlimited data anyway. Last but not least rooting shouldn’t be for some teenie bopper out there going “hey dude look at phone” and that person has really no idea what he or she is doing or done. Not mention the ones who brick they’re phone and blow up all the forumms saying “you broke my phone” its honestly gotten on my lasy nerve. My 2 cents

http://www.thefutureofblog.com Jeremiah Hoyet

Applications have to request to run under the “super user”, at least in CyanogenMod they do. Ever tried running an application that requires root access? You get a pop up asking for permission.

Of course, users being ignorant to how SU works or what “root” means to a Linux-powered device does mean it’s a huge security risk.

Great article, I think everyone should read this before they consider rooting their device.

http://www.tyrfing.org/ Ted Kotz

This article reads a little like FUD.

Rooting your phone provides one important security/privacy service. It allows you to do to your phone anything that google and your service provider can. Otherwise your submitting to any control they whim, your just using their phone.

This is like argument 1 in the series that leads to Apple going before congress to convince them to make jail breaking illegal because of possible terrorist activity.

And I believe the SuperUser Application makes it safe. NEVER HIT “ALWAYS ALLOW”. Very few programs should actually require root access. A game never should.

You should always review a programs requested permissions. Many of the above horrors you list don’t require root access. They just need the right combination of permissions.

As a user you can already do so much harm with the phone the last little bit of flexibility root access provides a potentially malicious app is almost insignificant.

http://www.nexsoftware.net Justin Shapcott

So, the latest “rooting” app that hit the Market (Instant Root) which does not install the SuperUser application on those newly rooted phones… How do you feel about that? We can agree that people who don’t understand rooting should do their research before rooting, yes? That is the main point of this article. Like I said, I have both of my phones rooted so am not inherently against it.

branden

great read! very informative… I would also like to add (something i personaly do) is dont use your credit card information to buy apps. for that matter I dont use my real CC information to buy anything over the internet. I use gift cards. that way, if someone some how does get my information, they gain a 25 dollor gift card. its a simple way to protect one of your most vauluable possesions. your money =)

chewtoy

The more pervasive networked technology becomes, the more dangerous our common lack of security awareness will become. Eventually there will be a tipping point, a day of reckoning.

Consider each of these things people commonly do:

1. Giving account credentials to Meebo.com so that you can use instant messaging more easily.

2. Giving account credentials to the likes of Plaxo and LinkedIn so that they can pull in all of your contact information from other providers.

3. Installing a tethering app from someone whose livelihood you have no serious ability to impact (ie you can seriously damage the profit of T-Mobile if you prove they did something malicious, but you cannot seriously harm developer X on the market who released AppY for free).

4. Install … um, anything… on windows mobile…

(Ok that last one is both serious and meant to be humorous.)

For #1 and #2, which a shocking number of C-level executives I’ve known happily tout as the best features of these services, the danger ought to be obvious.

For #3 I’d suggest that the danger ought to be even more obvious, but clearly it doesn’t resonate with most people.

ELIMINATED

Is there any way we can get, say, a pettition to get Google to allow theming? There’s one called Prodigal Sun over on XDA that I really like, but not sure if I want to risk rooting my Hero when it arrives in October.

Syed Hashmi

Well and beautifully said. even thoug i am a computer science major, i said to myself a 100 time”dude, thats linux, u never worked on it. are u sure!” (of cose i am glad i did it) but seriously every1 in the world wants to have full access to their device (makes them think they are hardcore professionals) like in my house where i am responsible for all the electronics, every1 wants an admin account. then they screw up some thing n call me saying whats wrong. I wud not recommend rooting to bigeners cuz it will be a head ache for themselves aswell as other (no offense beginers do ur homework then root).

Orlando

This info help me a lot because i’m a new android user,i have mytouch3g and i was thinking to root it,but now i think ill wait a little or maybe buy another android phone to try it.Since i don’t really know what are the real benefits of rooting a phone!thanks ..

Finally, someone said it, great article! As a developer of Android apps, I would like to add that rooting and replacing ROMs is a nightmare for app compatibility. It becomes impossible to test an app on every platform available. And users expect apps to work on hacked ROMs even before the official SDK for the leaked version of Android is released. I was browsing the Market and saw bad ratings on one application by a big online retailer because it didn’t work on some build of Android 1.6. I downloaded it on my G1 with Android 1.5r1 and it worked perfectly. I sometimes get emails asking why my app is not working on x.y custom ROM. My reply is simple, sorry I can’t provide support for non-official builds. I have even seen differences between HTC and Google Android builds. These are official builds. Does HTC provide an SDK with their ROM on emulator? No. Hopefully we will not see Android diverge, otherwise it will become increasingly difficult to provide an homogeneous user experience.

Douglas

well thanks for the interesting read i am new and you said it without being snotty and i see the point.well said and well received. that is a skill that will serve you well in life. and you my friend have mastered it.

brnbock

I agree. While this post covers most of the basic hacks that might become as common as a virus infected windows pc, it does not cover the extreme dangers that rooting may present. Ya hackers don’t have to stand a mile away with a laptop to steal your contacts, but what about the possibility of an application to steal the information off your fastpass card? Or the ability to remote-brick your phone? Or turn your camera into a webcam while your phone is on your dresser pointing and you and your loved one bumping uglies. While these threats may sound far fetched, they are still threats.

Study up before you preform any hack. Learn what it does and what it can or might do. Never do your banking on you mobile device. Never store any passwords on your phone. And if you have any questions regarding an app that whats some weird permissions, ask a developer (the dev of the program and an outside source) they will be glad to help. Android devs can be found on xda of on irc.freenod.net #android-dev.

El

can someone please help me out. I have a G1 and i unrooted my g1 from jf 1.5 back to stock 1.0 then i got the update for 1.6. Now the problem is i want my g1 to have root access so i can use programs like audio hack which helps me hear alot better but i still would like the changes that come with donut can someone please tell me what i need to do to make this happen. Thanks and feel free to email me Theend313rd@aol.com.

vince

Great article! I have been rooted since April and have to agree 100% with you.
I think with the MT3G coming out in July and now the Hero, Cliq etc. … not to mention 1-click root, xda and other forums are getting hammered with new users that haven’t ever had to research, b/c root is now one click and they are not aware of the dangers.

Notice how many ‘brick’ threads are in the forums now………

Regardless, thanks, that was a great article, definately opened my
eyes (even wider). ;)

http://www.nexsoftware.net Justin Shapcott

I sincerely believe the fact that the “one-click root” method no longer works as of 1.6 (Donut) is actually a blessing. :)

Hugh McClelland

I just read your blog,and being a new user of the android phone and seeing in the apps that a lot of the apps require being rooted and reading your blog,all I can say is “EGADS” and I will learn more of the pros and cons of rooting my phone.Am very glad to find this blog..Thank you for enlightening about “rooting”

dna

Great Posting!

jessi

Thank you so much for the article. I am brand new to the android community by way of G1 and am trying to learn about the phone. I have seen the term “rooting” on every android site but never fully knew what it meant until reading this article. I appreciate the information and will not be rooting my phone any time soon.

http://Website Kona B.

Wow! This article was awesome. Here, I thought I was to much of a Geek to read this article. Now, I kI’now lost my Geek Card!
I’ve been in the Cellular Industry since the Moto Brick anf the Transprotable, and have watched the wireless industry change before my eyes. I Love My “MYTOUCH” but the phone runs slow. What do I do now? Delete Programs or Root? Can anyone help?

http://Website mike

i’m curious if anyone on here would know if it’s possible to reformat an itunes app to work for my motorola droid

glipzcom

UNROOT! UNROOT! UNROOT!

Its been driving me crazy. You just wrote a whole article about the dangers of switching to root, without mentioning the biggest issue of all. Its not easy to UNROOT.

The process of going back to a stock phone is not mentioned once. We warn people endlessly about the dangers, potential bricking, but no one wants to share the secrets of going back. Currently there is almost no discussion on how users would go back to an unrooted phone.

Maybe it is as easy as one click, but that information is not available. So for users such as myself who desperately want my phone carrier crippled again, I am just hanging in the wind, waiting…..

VoLoDaR1

hey check out this link to un root your phone it tells you how to do it hopefully this will help you out!

VoLoDaR1

i have a rooted mytouch 3g running hero rom i love it its ssssooooooooo fast and smooth i followed a coups vids on youtube to do it i have never done this before the videos i watched were very informing check them out thegadgetpro he really knows his stuff

http://Website kris

@VoLoDaR1 can you give me the link to the hero rom?

http://Website Andre

Unless one has knows exactly the advantage of rooting, they shouldn’t do it. Even tethering can be done by a purchased app (PDANet).

You have a valid reason about malicious software getting root, but there are a few more reasons. Rooting has a high chance to destroy data stored on the phone, and unless someone is completely OK with that, they should not go forward with rooting.

Rooting also voids the warranty.

Rooting, then making a mistake as root might cause a bricking. Some phones can be reflashed, while others do not have a usable flash image, so if anything outside of the /system directory gets modified, there is no way to recover. In these cases, a bootloop that doesn’t get fixed by a hard reset will definitely brick the device.

Of course, there are valid reasons to root a device. Wanting to move to a newer Android version comes to mind. Similar with wanting to drop the manufacturer/carrier stuff and just have the default Android UI.

If I were to ask one question about if someone should root their phone, it would be if they know what root is on UNIX, and the dangers of running as it. If they don’t know the dangers, then they should think twice about rooting.

http://Website Ben

This was a nice article, but the only problem with it is that it is written as if users only encounter these issues when rooting their android device.

Did anyone every use Windows XP? Probably. The biggest issue with XP is that every (as in EVERY) program is run as admin, therefore with admin rights. Not many people realize this, but everyone went around business as usual and to my knowledge didn’t raise red flags for many.

My point is that what you say is important for those unfamiliar with super user privileges to understand, but if you have used XP you have already been doing this inadvertently, and if you run Vista, Win7, any Linux distro, or Mac, you are already familiar with the concept of rights and probably just give whatever privileges when it asks.

Therefore, the real point for anything device or OS, not just your rooted phone, is to know where the software you install is coming from and make sure it is safe before you install it.

http://Website Pete Webster

I wanted to root, purely so i can a) put a custom ROM on my HTC HERO and b) so i can install apps on the SD Card.
However, I have already installed the Modaco custom ROM and Cyanogen’s recovery image. I have not yet run out of space on my phone for apps. But after reading your post – I’m gonna think twice about adding ROOT, at least untill i have a full device..

Can you not install apps on the SD card without ROOT?? If not, this would be a great feature from Android that would prevent many people from going down the Rooting road.

Also, Even if you do ROOT your device. Do apps state that they need Root when you install them, ive not come across one that says this yet?

krazytrixxxsta

you dont hav

krazytrixxxsta

you can install app to your sd card instead of the phone by downloading the apps from 4shared.com into your computer then sending it to your phone.

j bond

Unless u have a flow chart u will never know how your changes will efect the sys for sure. Things may seem fine, u make a selection, all hell breakes loose. It could happen I programmed for years its hard to follow someones logic. It can be good thing “yes do your home work first” you’ll feel better .GOOD LUCK

lolwut

Lol @ flow charts. What did you used to program in? COBOL?

http://Website chancy319

I don’t have root but I’m quite happy with my phone the way it is. :)

http://Website Ben

Thanks for writing this, i don’t have the phone yet, but i’m trying to learn as much as I can before getting it. Is the moto cliq/dext any good?

uhanrodric

I have a Moto Cliq, and it is my first Android device. I just read that someone has possibibly found a way to root the Cliq. My view is, since this is my first Android device, I’m going to wait until it’s lifespan is just about done, and I’ve moved onto a new device to try and ROOT it. That way, worse case scenario, I still have my new device.

http://Website colby

I found your article very informative and interesting. I was also considering rooting my phone but I didn’t after I read this cause I really didn’t know why I was doing it. So if u root your phone u can customize it completely and making it run faster but you run the risk of ruining ur phone

http://Website Anita

I’ve had my G1 for over a year now and have never felt the urge to root my baby….. that is…. until today.
lately i’ve been having a lot of problems with my (data)connection. just now i saw a youtube vid by emogamer about radio upgrading which would be (if and when it works) an absolute dream! But of course this only works on a rooted phone……

Until now the only reason i didn’t root was that i was afraid of bricking it and wanted to know a bit more before i took action. Thank you so much for this article! it has opened my eyes about the other risks of rooting.

i’m probably going through with it but what is the most reliable way to do this?

http://Website Anita

unless there is a way to upgrade my radio WITHOUT rooting

http://Website Stone

Let’s not forget the very common desire to root to allow custm rom versions such as not yet offically supported android versions. The desire to have 2.1 on so many devises as it allows so much more.

http://Website DUH!

they dont mention that rooting a phone is 100% REVERSABLE. haha on just about every android device…just something to keep in mind

LauREN

I think that if you want to root your phone you need to take the time to educate yourself on doing so, and I agree that it is 100% reversable… so if you wanna do it, go for it!

http://Website Matt Beighton

Excellent balanced article. I have just had to root my HTC Hero because T-Mobile UK and HTC refuse to invest any time providing anything above Cupcake for the phone and I am tired of being stuck without anything useful just because I got a branded/locked in phone. It is now rooted to Eclair but you are right, I have no idea what it is doing in the background.

guest

Why is most of the os on the market named after pastries? O.o

portalfanatic

Google names each version of Android after a dessert, alphabetically. Just a little thing they do. What they’ll do for Android 27.0 I don’t know.

http://www.presuntotorrentsearch.com Vitor Franchi

Great article, really makes you think.
I agree totally, first learn your phone’s features, sometimes you don’t really need to root your phone. And study, know what are you doing, backup everything first.

Would it be possible to have dual-boot ability in a phone so that you could use the rooted phone for everything but stuff like banking etc which you would boot into another part to do? I’m not sure if that makes sense. If you could have some kind of separate safe area for security things. ??

Sounds a little like protecting people from themselves – a concept I’m not crazy about.

http://Website Maria

I have a question about rooting. Does the danger of rooting come only when you download a root application? I mean, if i download from the Android Market alone will I not have to worry about experiencing those above mentioned “evil things.” I am just wondering, because I have a new android phone with so many useless factory applications which I want to delete but can’t, of course, without rooting. I just want to know if itI will not have to worry about malicious root applications after I root my phone if I just stick to downloading from the Android Market. I hope someone answers me. Thanks.

John

Even applications on the Android Market *could* be written to detect a rooted phone, then do something evil. Google currently does not have the ability to detect evil applications, so you should always be careful.

Curt

My question is similar to Maria’s. Can I root to kill off the crapware/bloatware that came on the phone, then unroot? Will the crapware stay gone? I want to get rid of this annoying garbage so badly, but have been reluctant to root because of the risks. Thanks!

http://Website jimmy

Great article. Been thinking of rooting but wondered the downsides. This really helps to clarify things. I completely agree that a lot of people root without fully knowing what it is. I’ve been in forums where people say ” rooted, now what”. That’s just crazy talk…

http://Website Brad

Ok this article was informative but honestly stop straying away from your point and get straight to it. This was hard to follow

http://Website Nubsauce

@ Brad STFU and go back to school so you can learn how to follow when you read

http://Website Pfries

Rooting your phone ahhhh…. The benifits are great to thoes that are power users(in the sense of PC power users). Yes once rooted your phone is essentialy wide open, aplications can have full permissions. So what now an Android DoS attack? Windows inherantly gave full permissions in XP and XP shipped with the RAW sockets open….. Even with out Root your device is vulnerable, only download apps. from trusted developers and sites, do your home work. Anti virus is now available for Android and I am Sure firewalls are on the way. These devices are computers with a phone function they are no longer just “phones”. As popularity increases the threats will to. For most rooting like OCing your device or PC is unneeded, If you want to root do your research, read a lot, make sure you understand the inherent risks and that you need it rooted in order to acomplish what you want to do. I have mine rooted and overclocked, I run no antivirus. I only download known apps I know what I am installing and doing to my device. It was a natural progression for me from pc moding way back in the day to this. All in all make sure you are comfortable doing it and understand that even unrooting your device the bootloader is still unlocked. Whatever your choice have fun.

http://Website Mr Bond

It annoy me big time all the crap ware they stuff in your phone and they go to extremes to not allow you to remove it. guess what it’s my f**king phone, I own it not them, I paid a lot of money for it and still I can’t get rid of all the crapware. The have force many persons like myself into rooting and reinstalling the operating system which is at this time the only way of reclaiming my property and removing the unwanted crapware.

http://www.androidapps.sk David

Very readable article, with your permission, I would take some pasages and translate them to slovak for my site, because I am actually making some articles about rooting and from this angle of view I have never been thinking about dangers rooting

Regards

David

http://Website Mike

Excellent read!

Let me tell you I just recently made the switch from iPhone 3G to the android. I have a citrus on the Verizon Network. Towards the end of my iPhone contract I ended up “Jail breaking” my iPhone, all was fine and good for about 3-4 months, everything in good order, and then things started messing up, badly… My phone would lock automatically for no reason, it would take me anywhere from 3-5 minutes just to unlock my phone to get back to the main screen, apps would start to malfunction as soon as they were opened, they would close, sometimes the app would open and then hang for 15 seconds, and the phone would shut-off. Why did I jail break my iPhone? I liked having that backdoor option, I’m a developer and loved knowing wherever my laptop went I had exceptional internet with it (well most places it was at&t remember). One day my iPhone shutoff and just would not turn back on, I tried plugging it in, unplugging it, even tried plugging it into the computer, the computer wouldn’t even recognize it. My iPhone was “Bricked”. Well now that that horror story is in the past, I have made the switch to android, I now develop apps for the android using the android sdk and consider myself to be an “Advanced user” and still have chosen NOT to root my phone. Whether you know what your doing or not, whether you have done it one time or a thousand times you always run the risk of doing some serious damage to your phone rendering it useless by jailbreaking, unlocking, rooting, etc… I jailbroke my iPhone and it took months before I started having some serious problems. So if you do decide to root; just because your phone resets and turns back on with no errors does not gaurantee your out of the woods. If tethering your device is your reason for rooting, there is an app in the market that is called Easy Tether, it does not require a rooted handset and is fairly easy to setup, however the free version will not connect to sites on secure socket (https://) the full version costs only $10. Much cheaper than having to replace your phone because something went wrong. Just my two sense.

http://Website shawn

Thanks for the into. I had no idea the cons of rooting my phone. I almost did it without checking up on it. I’m glad i saw your page.

http://Website Jerry wise

Hello my Jerry im trying to updata my phone to a 2.3 , but the problem is , the phone is off right now , . Is there any way that i can updata it .

http://www.jrtayloriv.net Jesse Taylor

Thanks. I was just looking into rooting my phone, and I see that I need to put a lot more forethought into it!

One of the things I’m having the most trouble with is that most of the rooting kits I’ve found are all from random people on forums, etc. Aren’t there any open-source rootkit projects going? It seems like this would be much more trustworthy.

http://Website Wall of Txt Crits Reader For 9000

I think its far more important to ask yourself if you can/will utilize the benefits of rooting. If not, don’t bother. If so, educate yourself before you do it.

I cant help but feel a bit of fear mongering in this article. Read the developer Distribution agreement. Although Companies are allowed to collect your information, your privacy is still legally protect. And distribution of said information would be in violation of said agreement leaves developers/companies vulnerable to banning and possibly lawsuits.

I will agree however that some responsibility comes to then end user, since regulating tens of thousands of apps can be hefty task. With more freedom comes more responsibility. If you don’t want that responsibility, buy an iPhone. Because even though you have little freedom/customization, you can have peace of mind with every app you download.

Its a general rule in life to not do something if you do not understand what it is you are doing and if/how it can be undone. Even something as simple as driving a car can be extremely dangerous if you don’t know what your doing.

http://Website Tom ( Boost Mobile ) Moto i1 User ( Android 1.5 ) :(

got my motorola i1 rooted So i could shut off the Annoying camera click Sound

wanted to take some ” Stealth Shots ” LoL also From what I’ve read in the Various

forums ” Root ” is Pretty much required Even for a Simple Backup Of my Phone ???

Anyone know how to do a full backup on this bad boy ??? am still looking 4 one

Have been looking for SpRecovery or Clockwork Etc Pref Sp it has more options &

Etc. also am thinking of trying some of the new ” Rom’s ” My i1 is ok but is on Crappy

Ver 1.5 but not 4 long if i can help it LoL …. Any Help would be much appreciated

This definitely helped. while I am still going to root my phone, I will check and make sure that the app is fine for every one that I download.

http://Website stillnotsure

my english comprehension isnt the best, but i fully understood, at last, the complete meaning of rooting the incoming galaxy ace ill have tomorrow (hopefuly). I may think twice before rooting now :)

tyvm, your article is awesome

http://Website juju

can somebody tell me when you root your phone i have an evo then it just shuts down and wont turn back on but when i plug it to different ports it just comes to the htc evo 4g screen then shuts back off then still wont turn back on

http://Website HarleyQuinnRogue

I want to root my HTC Wildfire so i can lock apps and apply themes. However, i do not know much about. how to do this and thought about looking at the negati has any advice on how to do this or reasons as towhy i should forget about rooting then please comment on it. To root or not to root?.That is the question. If anyone

http://Website Dustin

Thanks for this article i’ve been trying to decide weather or not to root my phone for performance reasons and was wondering about possible risks and this,helped out some thank you. Email me if, you have any other helpful information on this topic

http://Website fjcmachado

Hi,
Hi tried to root and lagfix my Galaxy S (I9000), but I can´t do nothing.
Has 2.2 FROYO.XWJPF with Kernel 2.6.32.9 root@SE-S603#1.
- In the mobile I tried Z4root e after OCLF…and nothing;
- Tried Universal Androot…nothing;
- I install in pc ODIN3, i cannot enter in recovery mode (VOL – + HOME + POWER)….nothing happens;
- SuperOneClick…no.
I really need that you help me to understand what´s wrong and to finally get a simple solution for this.
Thanks for the help.

Fantastic writer and you make some great points! Keep up the insightsful thinking(:

http://Website Chris

So I couldn’t help but notice that this article started in 2009and its now 2011 with many breakthroughs in technology. I recently decided to get with the times and got the Droid X2, I’ve been researching for some time now about wanting to root my phone. My main reason for doing so, is because when connected to my wifi at home slacker works perfectly fine and super fast. however driving on my way to work or on my most recent road trip I notice it cuts out every once in awhile looking for 3g service. I figured if I root my phone I can avoid the extra $20 a month to make my phone a wi-fi hotspot, and not have to worry about missing half of a song. I haven’t rooted yet because I guess of the fear if I root and something goes wrong I’m screwed and voids my warrenty. My question here is can I root and not worry if all I want is to listen to uninterrupted music? or is there a program that doesnt have any trouble playing music. (I tried Pandora, has issues with droid x at the moment)

I really enjoyed this post. I came across it by doing a google search for “apps for rooted android.” I was ready to argue with you. But your common sense and good points ring true. I have a rooted droid 2 global. I don’t do theme’s, just control the phone. I use tethering, and app quarantine. I won’t mess with anything else, because I have already bricked a phone.
Thank you for this post.

Tron

All i have to say is that I’ve tried to root my samsung galaxy s2 4g epic; I’ve wiped the firmware installed the wrong firmware; turned off the phone while in download mode and it was dead refusing to even boot or return to the download mode; the phone remain on with a forever black screen. I HAD TO GET THE PHONE REPLACED; which took a week!! thank goodness the phone was only a week old and that the replacement was free otherwise it would have been a 200 dollar price tag.

As of september 30th 2011 their is no Root available for the Samsung galaxy s2 4g Epic; code name (D710)

Can just Google Reduce this problem by allowing more users.
Seriously, I am a Tech.guy and always wander around sites 10-12 hours.
And I have read many articles.

The Developers of Android (Or Google)
Should make Android more “functional”.

http://www.ishanworld.webs.com ishan224

Well if you see rooting s device is not bad
But its too risky.

Can just Google Reduce this problem by allowing more users.
Seriously, I am a Tech.guy and always wander around sites 10-12 hours.
And I have read many articles.

The Developers of Android (Or Google)
Should make Android more “functional”.

oparra

I know this is an older article, but never the less, I appreciate the wisdom provided within it.

I’m a first time droid user and started to wonder about the necessity of rooting my brand new phone (because of all the posts and recommendations out there), and although I’m in IT, I will probably wait to do this when the implications/risks/benefits are way clearer to me.

Thank you for the article.

Sharon

So, now we’re confronted with Carrier IQ, an app that allows the CIQ customer (most of our carriers) to snoop on our phones/tablets, possibly to the level of recording keystrokes. And *everyone* denies collecting personal information. Yeah, we’ll see.
In the meantime, in order to remove the app, one must root one’s device. Hence my “root” search.
I’m no tech newbie, but no one can know everything. So, please tell me. What are the ramifications of rooting my device? Will it affect my services (phone, messaging, data) or my local apps? Will my OS upgrade still happen when Ice Cream Sandwich becomes available?

What will I regret and what will I enjoy?

John Doe

I look for rooting because need of firewall to limit & monitor port, in, and out. I want to have control of security on my phone. I don’t want pay for something like this with expensive security app.

That’s why I rooted my phone. Is there any app for network firewall without rooting phone?

None ya

Cool that yu thought to do this but who really understands all of these technological words and explanations? Just tell me why I shouldn’t root my phone. I didn’t even read half of you 10 page essay before I summed up the audacity to comment. We’re just phone users not phone developers. Nd anyone who read this whole thing clearly has too much time on their hands. So uhh other than that. Thanks. … I guess…

noks

These dangers are there before rooting your phone just made worse for the same reasons its made better and you would have to be generally ignorant not to realise that. I’m not insulting this article though I like to think you would be more educated then myself and due you the point of view to this issue I’m hoping that their isn’t any other suppose more pressing issues other then security, if so please let me know as I’m considering rooting my phone

Miserable In Rootville

I rooted my Droid X about 6 months after I bought it (Dec 2010), simply because I wanted to remove apps that Verizon forced me to keep. Why have apps that consume memory and power that I don’t even use? My thought was, “It’s MY PHONE. I paid for it. I should be able to do with it what I want.” Here I sit, one year and a month after I purchased it. I can’t update Android. My wife, who has the same exact phone model that I do, has been using a beautifully updated OS that I can’t get on MY PHONE.

Rooting is relatively simple, but once you go deleting the “bloatware” and doing everything else that rooting does, you have stepped onto the slippery slope. I consider myself easily within the top 20% when it comes to technology. Most that know me would probably say higher. After hours of research through various forums, I’m officially throwing my hands up. There is nothing close to a 1-click when it comes to returning your phone to a state that will allow an update. Every discussion inevitably devolves into a contest of who can use the most acronyms and techno-slang. This has been a nightmare.

Tomorrow I’m going to purchase a new phone. It’ll be worth it. I’ve invested waaay too much time trying to unravel this mess. If you want to be an expert at the operating systems of smartphones, and you have the time to invest? That’s your choice. If you’re someone like me, who wanted to tweak this or that, I strongly urge caution.

I will sourly pay the money for my new phone tomorrow after learning my lesson, and I will NEVER, EVER root MY PHONE again.

Well my wife and I just bought 2 Droid 4′s on Verizon network. We are both 1st time Droiders soon to be Droidheads. I want to root my phone for the sole purpose of removing the bloatware and those ” hey…create another account and we’ll get you on your way for a fee” apps. However it seems to be my understanding from reading countless forums and articles that once you root your phone you can’t unroot it. Let me Explain what I mean: Unrooting isn’t a mere closing out/removing SU credentials. It is in fact Reflashing the device with the stock rom (which brings
back all of the crapware that i want to keep removed.

What I am after is a way to root the phone, remove apps,configure what i need configured and then unroot the phone keeping the changes I have made. Is this not possible yet?

Trevor Waters

little knowledge is a dangerous thing

otaznik

I would like to root to get rid of bloatware. But …rooting is actually exploiting OS vulnerability, and you the user are helping it happen. While I could expect this was simplified for user comfort, as you do not see inside, how could you be sure one click will not turn your device into someone’s puppet. Even sudo app could be modified to not notify on certain parameters.
Imagine you are in dark street in some big city and someone will offer you great fun if you will follow to even darker part of the city, will you?
Considering number of malware and adware in the wild, and power hidden in cell phones (two way authentication, banking credentials, online activity, friends numbers, emails…) it is hardly to believe. Android should allow removing of unwanted apps, tethering is already inside.

portalfanatic

Wow, thanks. I do have a question, what if I want to root it so I can install, say, Tizen or Meego or Ubuntu Phone? Are the other open source Operating Systems like that as unsafe?

oneclickroot Anroid

I never had visited an infrequent blog like this. I am very glad to see an interesting article with plenty of knowledge shared by the blogger. I am looking forward to your blog for my future reference. Thanks for posting.

Ralph

I was definitely was going to root my Samsung Galaxy Tab by Verizon (<– I think) but, I was indeed smart enough to do my research! I had tried getting an app that will let me use screenshotting, and they all needed root. So, I was about to root my phone, and I did my research, ended up here, and, actually, a couple days ago I had just found an app WITHOUT root that will take screenshots anytime! This is quite discouraging though, but I will definitely protect my phone, if I do ever root my phone, which I probably wont. But, thanks so much, this will be kept in the back of my mind if I ever consider rooting! (The app is called Screenshot UX, and it is free)

The saddest thing about this article is that you felt the need to apologize to your readers for writing it :/

I’d bet money that of the tens of millions of people who’ve rooted their phones, less than 1,000 actually understand how the software managed to get root, and even fewer have taken the time to look at the code to make sure it isn’t doing anything else on the side.

Understanding what rooting a device means doesn’t mean you have the slightest clue how it was accomplished, or what the ramifications might be. Unless you’ve spent a great deal of time under the hood of your Android device, you can’t begin to claim to know it’s safe.

Kelly Stripes

I seriously enjoy your blog. Aside from the attractive page, this great article that can be read into this web site is impressing. I am some important topics in here which are not seen in any websites. Many thanks sharing this site. I love it.

Sir something went wrong while i was rooting my phone.,now it wont turn on.what will i do ? please any opinions ? T_T

RV

Franz – from what I gather, your phone is bricked. Search on the Internet for how to unbrick. Note: keep backups!

RV

I still don’t get what to do if my device ets bricked or how to unbrick the device even if it does get bricked.

Raj

I have a qus. that If i root my android phone. After rooting my phone could be hacked easily then a not rooted phone. I’m just curious. pls reply me fast.

Avalon

I came across this site when searching for info about rooted mobile phones actually are, you may think me daft but I bought a seconhand phone galaxy note 2 which when I bought I knew it had been an o2 that had been unlocked, when I used the agv anti virus it told me my phone was rooted hence my looking for information on what this means to mynphone and my use of it the safty online etc. It sugessts I revert to the original version but on looking on line cannot see how to do that and if I did would it then be locked to o2, I am not into this sort of thing at all never having been other than a mobile phone user any suggestions most welcome thanks

coperlynn@yahoo.com

I definitely agree with you on all your points they have been well received by me I have worked with all manner of systems from mainframes all the way down to these wonderful little phones that we all seem to have access to now. I have been working with them for about 28 years and I am scared of rooting a device for someone other than myself to use. The dangers can never be stressed enough. Bravo

Ps I thought maybe you might like to impart your opinion on the different levels of user access on the client side and the danger of that in someones unknowing hands

carlo

When i root my phone its 100% works. Then later,my phone appear this”xperiahome did not corresponding” then i power off,and open it again but when one hour past my phone did not open into home,its stock in waving :( Is this have a damage in my phone?cause itdid not open and this is void of warranty. Is this problem have a solution?